Categories: CyberCrimeSecurity

Russia’s FSB Arrests REvil Ransomware Gang Members

Russian authorities said they have arrested members of the notorious REvil ransomware gang, in an unprecedented move said to have been undertaken at the request of the United States.

The gang is believed to have been responsible for some of the most damaging cyberattacks over the past 12 months, including those affecting Colonial Pipeline, JBS Foods and US technology firm Kaseya.

Police worked with the FSB security services to raid 25 addresses and arrest 14 individuals in Moscow, St. Petersburg, Leningrad and Lipetsk, the FSB said.

Authorities seized more than 426 million roubles (£4m), including cryptocurrency, about £860,000 in euros and US dollars, computer equipment and 20 luxury cars.

Homes raided

The REN TV channel broadcast footage of agents raiding homes and arresting people, pinning them to the floor, and seizing large piles of dollars and Russian roubles.

“The organised criminal gang has ceased to exist, and the information infrastructure used for criminal purposes was neutralised,” the FSB said in a statement.

The group members have been charged and could face up to seven years in prison. The FSB said US authorities had been informed of the developments. The US Embassy in Moscow did not immediately respond to a request for comment.

A source familiar with the case told Interfax the group’s members with Russian citizenship would not be handed over to the US.

The US said in November it would offer a reward of up to $10m for information leading to the identification or location of anyone with a key role in the REvil group.


The gang shut down its operations in July, before staging a failed comeback in September and having its information infrastructure hacked and forced offline by an international operation in October.

In November a 22-year-old Ukrainian national was arrested in Romania and charged with activities as part of the REvil gang.

Seven other alleged REvil members were also arrested last year through operations coordinated by Europol.

The surprise operation comes amidst spiralling tensions between Russia and the US over a Russian military buildup on its border with the Ukraine, as Russia seeks guarantees from the West, including that Nato will not expand further.

The raids were announced only hours after the Ukraine was hit by a major cyberattack that shut down government websites, although there was no indication the incidents were related.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Google Sued For Use Of NHS Data Of 1.6 Million Brits

Lawsuit alleges Google and Deepmind Technologies used NHS data of 1.6 million Britons 'without their…

9 hours ago

Twitter Sees Three More Executive Departures

Three executives apparently jump ship. More high level departures at Twitter, ahead of Elon Musk's…

11 hours ago

Apple Delays Staff Mandate For Three Days A Week In Office – Report

Tech giant blames rising Covid cases as it again pushes back return to office deadline,…

14 hours ago

Tesla Bluetooth Locks Can Be Hacked, Warns NCC Group

Digital locks, including those fitted to Tesla vehicles, are vulnerable to being unlocked via an…

16 hours ago

Twitter Board To ‘Enforce’ Elon Musk Merger Agreement

Legal action ahead? Elon Musk's takeover agreement of Twitter will be enforced says board of…

17 hours ago